Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
156 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

A Wolf in Sheep's Clothing: Practical Black-box Adversarial Attacks for Evading Learning-based Windows Malware Detection in the Wild (2407.02886v1)

Published 3 Jul 2024 in cs.CR

Abstract: Given the remarkable achievements of existing learning-based malware detection in both academia and industry, this paper presents MalGuise, a practical black-box adversarial attack framework that evaluates the security risks of existing learning-based Windows malware detection systems under the black-box setting. MalGuise first employs a novel semantics-preserving transformation of call-based redividing to concurrently manipulate both nodes and edges of malware's control-flow graph, making it less noticeable. By employing a Monte-Carlo-tree-search-based optimization, MalGuise then searches for an optimized sequence of call-based redividing transformations to apply to the input Windows malware for evasions. Finally, it reconstructs the adversarial malware file based on the optimized transformation sequence while adhering to Windows executable format constraints, thereby maintaining the same semantics as the original. MalGuise is systematically evaluated against three state-of-the-art learning-based Windows malware detection systems under the black-box setting. Evaluation results demonstrate that MalGuise achieves a remarkably high attack success rate, mostly exceeding 95%, with over 91% of the generated adversarial malware files maintaining the same semantics. Furthermore, MalGuise achieves up to a 74.97% attack success rate against five anti-virus products, highlighting potential tangible security concerns to real-world users.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (64)
  1. abuse.ch. MalwareBazaar. https://bazaar.abuse.ch/sample/ab31092c90dbe2968d95d0ce959365ecdc49ba4384c5f794ebcfb75bab83ab6b/, 2024. Online (last accessed March 1, 2024).
  2. When malware is packin’heat; limits of machine learning classifiers based on static analysis features. In NDSS, 2020.
  3. Adversarial deep learning for robust detection of binary encoded malware. In IEEE S&P Workshops, 2018.
  4. Alon Rosental. Microsoft defender atp awarded a perfect 5-star rating by sc media. https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-atp-awarded-a-perfect-5-star-rating-by-sc/ba-p/1511340, 2020. Online (last accessed April 22, 2024).
  5. Evading machine learning malware detection. In Black Hat USA, 2017.
  6. Measuring similarity of malware behavior. In IEEE Conference on Local Computer Networks, 2009.
  7. Atlas VPN. Over 95% of all new malware threats discovered in 2022 are aimed at Windows. https://atlasvpn.com/blog/over-95-of-all-new-malware-threats-discovered-in-2022-are-aimed-at-windows, 2022. Online (last accessed December 25, 2022).
  8. AV-TEST. About the av-test institute. https://www.av-test.org/en/about-the-institute/, 2024. Online (last accessed April 18, 2024).
  9. Recent advances in adversarial training for adversarial robustness. In IJCAI, 2021.
  10. A survey of Monte Carlo tree search methods. IEEE Transactions on Computational Intelligence and AI in Games, 2012.
  11. What the fork? finding and analyzing malware in github forks. In NDSS, 2022.
  12. Machine learning (in) security: A stream of problems. arXiv:2010.16045, 2020.
  13. Adversarial machine learning in malware detection: Arms race between evasion attack and defense. In IEEE European Intelligence and Security Informatics Conference, 2017.
  14. Semantics-aware malware detection. IEEE S&P, 2005.
  15. Semantics-aware malware detection. In IEEE S&P, 2005.
  16. Cisco Talos Intelligence Group. ClamAV Documentation. https://docs.clamav.net, 2024. Online (last accessed March 1, 2024).
  17. Rémi Coulom. Efficient selectivity and backup operators in monte-carlo tree search. In International conference on computers and games, 2006.
  18. Cuckoo Sandbox. https://cuckoosandbox.org, 2022. Online (last accessed Nov. 1, 2022).
  19. Adversarial EXEmples: A survey and experimental evaluation of practical attacks on machine learning for windows malware detection. arXiv:2008.07125, 2020.
  20. Enigma Protector Developers Team. Enigma: A professional system for executable files licensing and protection. https://enigmaprotector.com, 2024. Online (last accessed March 14, 2024).
  21. Explaining and harnessing adversarial examples. In ICLR, 2015.
  22. Efficient query-based attack against ml-based android malware detection under zero knowledge setting. In ACM CCS, 2023.
  23. CFGExplainer: Explaining graph neural network-based malware classification from control flow graphs. In IEEE DSN, 2022.
  24. Hex-Rays. IDA Pro. https://hex-rays.com/ida-pro/, 2022. Online (last accessed Jan. 11, 2022).
  25. Hex-Rays. IDA Pro Plug-In Contest. https://hex-rays.com/contests_details/contest2011/, 2024. Online (last accessed March 1, 2024).
  26. Generating adversarial malware examples for black-box attacks based on gan. arXiv:1702.05983, 2017.
  27. Malware detection method by catching their random behavior in multiple executions. In IEEE/IPSJ International Symposium on Applications and the Internet, 2012.
  28. Kaspersky. AI and Machine Learning in Cybersecurity. https://www.kaspersky.com/resource-center/definitions/ai-cybersecurity, 2022. Online (last accessed December 25, 2022).
  29. Russell Keith-Magee. pyspamsum. https://pypi.org/project/pyspamsum/, 2024. Online (last accessed March 2, 2024).
  30. Obfuscated malware detection using deep generative model based on global/local features. Computers & Security, 2022.
  31. Adversarial malware binaries: Evading deep learning for malware detection in executables. In European signal processing conference, 2018.
  32. Jesse Kornblum. ssdeep-fuzzy hashing program. https://ssdeep-project.github.io/ssdeep/index.html, 2024. Online (last accessed March 2, 2024).
  33. Deceiving end-to-end deep learning malware detectors using adversarial examples. arXiv:1802.04528, 2018.
  34. Towards certifying the asymmetric robustness for neural networks: quantification and applications. TDSC, 2021.
  35. On the difficulty of defending contrastive learning against backdoor attacks. USENIX Security, 2023.
  36. Arms race in adversarial malware detection: A survey. ACM Computing Surveys, 2021.
  37. DEEPSEC: A uniform platform for security analysis of deep learning model. In IEEE S&P, 2019.
  38. MalGraph: Hierarchical graph neural networks for robust Windows malware detection. In IEEE INFOCOM, 2022.
  39. Multilevel graph matching networks for deep graph similarity learning. IEEE Transactions on Neural Networks and Learning Systems, 2021.
  40. Adversarial attacks against Windows PE malware detection: A survey of the state-of-the-art. Computer & Security, 2023.
  41. Malware makeover: breaking ml-based static analysis by modifying executable bytes. In ACM AsiaCCS, 2021.
  42. Towards adversarial malware detection: Lessons learned from pdf-based attacks. ACM Computing Surveys, 2019.
  43. Alex McFarland. 10 Best Antivirus Programs of 2022 (AI Powered). https://www.unite.ai/10-best-antivirus-programs-of-2022-ai-powered/, 2022. Online (last accessed December 25, 2022).
  44. Microsoft Defender for Endpoint. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide/, 2022. Online (last accessed Nov. 1, 2022).
  45. Microsoft, Inc. PE format. https://docs.microsoft.com/en-us/windows/win32/debug/pe-format, 2022. Online (last accessed August 20, 2022).
  46. Jonathan Oliver. TLSH - A Locality Sensitive Hash. https://tlsh.org/index.html, 2024. Online (last accessed March 2, 2024).
  47. Intriguing properties of adversarial ml attacks in the problem space. In IEEE S&P, 2020.
  48. Malware detection by eating a whole EXE. arXiv: 1710.09435, 2017.
  49. Mastering the game of Go with deep neural networks and tree search. Nature, 2016.
  50. Challenges of malware analysis: Obfuscation techniques. International Journal of Information Security Science, 2018.
  51. Exploring adversarial examples in malware detection. In IEEE S&P Workshops, 2019.
  52. The best antivirus protection. https://www.pcmag.com/picks/the-best-antivirus-protection, 2022. Online (last accessed Nov. 1, 2022).
  53. The UPX Team. Upx: The ultimate packer for executables. https://upx.github.io, 2024. Online (last accessed Feb. 15, 2024).
  54. The robust malware detection challenge and greedy random accelerated multi-bit search. In ACM AISec, 2020.
  55. VirusTotal Documentation Hub. Why don’t you have statistics comparing antivirus performance? https://docs.virustotal.com/docs/antivirus-stats, 2024. Online (last accessed Feb. 18, 2024).
  56. VMProtect Software. VMProtect User Manual. http://www.vdown.cn/vmpsoft/en/support/user-manual/, 2024. Online (last accessed April 18, 2024).
  57. Vmhunt: A verifiable approach to partially-virtualized binary code simplification. In ACM CCS, 2018.
  58. Adversarial attacks and defenses in images, graphs and text: A review. IJAC, 2020.
  59. Classifying malware represented as control flow graphs using deep graph convolutional neural network. In DSN, 2019.
  60. Recmal: Rectify the malware family label via hybrid analysis. Computers & Security, 2023.
  61. A survey on malware detection using data mining techniques. ACM Computing Surveys, 2017.
  62. Oleh Yuschuk. OllyDbg. https://www.ollydbg.de, 2022. Online (last accessed Nov. 1, 2022).
  63. Semantics-preserving reinforcement learning attack against graph neural networks for malware detection. TDSC, 2022.
  64. Structural attack against graph based android malware detection. In ACM CCS, 2021.

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets